ClawHub

生日提醒

Security checks across malware telemetry and agentic risk

Overview

This is a coherent birthday reminder skill that can send configured notifications, so users should protect reminder data and tokens but the behavior is disclosed and purpose-aligned.

Install only if you want birthday reminder data sent or written according to your notify.json. Test with --dry-run first, keep birthday and notification files private, use trusted webhook/chat destinations, avoid committing bot tokens or webhook URLs, and review any Automation schedule you enable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation describes capabilities to read configuration files, write output to local files, and send notifications over the network, yet no declared permissions are presented. This creates a transparency and consent problem: users may run the skill without understanding that it can access local data and transmit reminder content and service credentials to external destinations.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The generic webhook sender can POST reminder data to any user-supplied URL, making the bridge a general-purpose outbound exfiltration mechanism rather than a narrowly scoped birthday notifier. Because the payload template supports embedding full reminder rows, sensitive personal data such as names, dates, and schedules can be transmitted to arbitrary endpoints if the config is tampered with or misused.

Description-Behavior Mismatch

Low
Confidence
87% confidence
Finding
The file channel appends reminder text to an arbitrary path from configuration without constraining location or filename. If an attacker can influence the notify config, this can overwrite or poison sensitive files, write birthday data into unintended locations, or facilitate persistence/log tampering on the local system.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation provides real sending commands and examples using external notification services, but it does not clearly warn that non-dry-run execution will transmit reminder content to third parties and use configured credentials. Users may unintentionally send personal data or trigger live notifications during testing, especially because the examples normalize operational execution.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly supports external notification channels such as webhook, Feishu, DingTalk, Slack, and Telegram, but does not warn users that birthday reminder content and related metadata may be transmitted to third-party services. In this skill context, reminder payloads may contain personal information such as names, dates, schedules, and potentially tokens or webhook endpoints, so omission of a privacy/security warning can lead to unintended data disclosure or insecure deployment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The code sends birthday reminder content to external services and arbitrary webhooks without any in-file consent, disclosure, or data minimization controls. Since birthdays and reminder schedules are personal data, silent transmission increases privacy risk and makes accidental or malicious data sharing more dangerous in this skill context.

Missing User Warnings

Low
Confidence
86% confidence
Finding
Appending reminder content to an arbitrary file path writes personal reminder data to disk without any visible disclosure or retention controls. This can create unintended local data exposure, especially on shared hosts or when logs/backups are broadly accessible.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal